Question

我有一个带有raspbian stretch的树莓派3作为其操作系统。我按照本教程在raspberry pi上安装并完全配置了MQTT代理：https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-16-04 经纪人的一切都运作良好。证书在60天后续订，您只能通过localhost连接到端口1883，其他端口（8883和8083）已打开，但只能使用TLS 1.2版访问，后者也可以使用websockets访问。您可以在下面找到我的mosquitto配置代码（/etc/mosquitto/conf.d/default.conf）。

allow_anonymous false
password_file /etc/mosquitto/passwd

listener 1883 localhost

listener 8883
certfile /etc/letsencrypt/live/home.kamidesigns.be/cert.pem
cafile /etc/letsencrypt/live/home.kamidesigns.be/chain.pem
keyfile /etc/letsencrypt/live/home.kamidesigns.be/privkey.pem
tls_version tlsv1.2

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/home.kamidesigns.be/cert.pem
cafile /etc/letsencrypt/live/home.kamidesigns.be/chain.pem
keyfile /etc/letsencrypt/live/home.kamidesigns.be/privkey.pem
tls_version tlsv1.2

我还买了一台ESP8266 Wemos D1 Mini以安全的方式连接到这个经纪人。我使用了以下链接中的pubsubclient库：https：//github.com/knolleary/pubsubclient用于我的MQTT客户端。我使用此链接的主分支：https://github.com/esp8266/Arduino来进行安全的SSL连接。下面你看到我用来编程Wemos D1 Mini的代码

#include <ESP8266WiFi.h>
#include <PubSubClient.h>
#include <time.h>

void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived [");
  Serial.print(topic);
  Serial.print("] ");
  for (int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);
  }
  Serial.println();

}

const char* ssid = "ssid";
const char* password = "wifipassword";

const char* host = "home.kamidesigns.be";
const int port = 8883;

WiFiClientSecure espClient;
PubSubClient client(host, port, callback, espClient);

long lastMsg = 0;
char msg[50];
int value = 0;

void setup() {
  Serial.begin(115200);
  Serial.println();
  Serial.print("connecting to ");
  Serial.println(ssid);
  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  // Synchronize time useing SNTP. This is necessary to verify that
  // the TLS certificates offered by the server are currently valid.
  Serial.print("Setting time using SNTP");
  configTime(8 * 3600, 0, "pool.ntp.org", "time.nist.gov");
  time_t now = time(nullptr);
  while (now < 1000) {
    delay(500);
    Serial.print(".");
    now = time(nullptr);
  }
  Serial.println("");
  struct tm timeinfo;
  gmtime_r(&now, &timeinfo);
  Serial.print("Current time: ");
  Serial.print(asctime(&timeinfo));
}

void reconnect() {
  // Loop until we're reconnected
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    // Attempt to connect
    if (client.connect("ESP8266LightController","username","password")) {
      Serial.println("connected");
      // Once connected, publish an announcement...
      client.publish("outTopic", "hello world");
      // ... and resubscribe
      client.subscribe("inTopic");
    } else {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");
      // Wait 5 seconds before retrying
      delay(5000);
    }
  }
}

当我启动Wemos D1时，串口监视器说：连接到ssid .. WiFi连接 IP地址： 192.168.0.213 使用SNTP设置时间。当前时间：2017年10月14日星期六02:26:25 尝试MQTT连接...已连接

这很好，这正是我想要的但是我很困惑我的Wemos D1如何能够连接到端口8883而不验证服务器的证书链？请记住，我从未将证书上传到Wemos D1或在代码中实现了证书，但它仍然可以连接。

Answer 1

两个选项之一

WiFiClientSecure包含公共CA证书列表，并根据此列表验证您的证书
默认情况下，WiFiClientSecure默认不验证远程证书。

看看这个issue，看起来很可能是选项2，因为它意味着你必须在连接后自己验证证书。

ESP8266 Wemos D1 Mini与MQTT经纪人

1 个答案: